#! /usr/bin/env perl
# create a certificate authority (CA) certificate and key at the paths given by $caCRT and $caKey,
# read from config file
#
# requires $sslConfig file to be set up similar to openssl.cnf.sample
#
# script will ask for passphrase three times, twice to encrypt the key
# file, and once when creating the CA. PassPhrase must be a minimum of
# 8 characters long.
use strict;
use warnings;
use FindBin;
use File::Spec;
use Cwd 'abs_path';
use File::Basename;
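# Both configuration files are looked up next to this script, so the script
# behaves the same regardless of the caller's working directory.
my $binDir = dirname( abs_path( __FILE__ ) ) . '/';
my $config = $binDir . 'makeCert.conf';
my $sslConfig = $binDir . 'openssl.cnf';

# The variables below are expected to be assigned by $config when it is
# evaluated further down; they are declared here so that code can see them.
my $configFile; # prototype for the domain specific config file
my $caCRT; # location of the CA crt file
my $caKey; # location of the CA Key file
my $serverCertDir; # where to put the server certs
my $certDays; # number of days a Server certificate is valid for, not used here
my $caDays; # number of days a CA is good for

die "Config File $config not found\n" unless -f $config;
# NOTE(review): $sslConfig is only checked for existence; the req call below
# passes $configFile to openssl instead. Confirm which file is intended.
die "openssl config file $sslConfig not found\n" unless -f $sslConfig;

# load the config file
#
# SECURITY: makeCert.conf is executed as Perl code with the privileges of the
# user running this script. Anyone able to write to that file (or to the
# script directory) can run arbitrary code and control where the CA key is
# written, so keep both writable only by the CA operator. A data-only config
# format would remove this exposure.
# The file is read directly instead of through `cat`, so the path never passes
# through a shell.
my $configSource = do {
    open( my $fh, '<', $config ) or die "Could not read config file $config: $!\n";
    local $/;
    <$fh>;
};
eval $configSource;
die "Error while evaluating config file $config: $@\n" if $@;

# Fail early with a clear message instead of handing undefined or malformed
# values to openssl.
for my $setting ( [ configFile => $configFile ], [ caCRT => $caCRT ], [ caKey => $caKey ], [ caDays => $caDays ] ) {
    my ( $name, $value ) = @{$setting};
    die "\$$name is not set in $config\n" unless defined $value and length $value;
}
die "\$caDays must be a positive whole number of days, got '$caDays'\n"
    unless $caDays =~ /\A[1-9][0-9]*\z/;
die "openssl request config file $configFile not found\n" unless -f $configFile;

die "Existing CA or Key found, remove them before continuing\n" if -f $caCRT or -f $caKey;

# Generate the passphrase-protected CA private key.
# - List-form system() bypasses the shell, so spaces or metacharacters in the
#   configured paths cannot alter the command.
# - The key is encrypted with AES-256 rather than the legacy 3DES (-des3).
# - A restrictive umask is applied only while the key file is created; the
#   certificate written afterwards keeps the caller's normal umask.
# NOTE(review): 2048 bits is a common minimum for RSA; consider a larger key
# if $caDays makes this a long-lived CA.
my $previousUmask = umask 0077;
my $keyStatus = system(
    'openssl', 'genpkey',
    '-algorithm', 'RSA',
    '-out', $caKey,
    '-aes-256-cbc',
    '-pkeyopt', 'rsa_keygen_bits:2048',
);
umask $previousUmask if defined $previousUmask;
die "openssl genpkey failed, CA key was not created\n" unless $keyStatus == 0;

# Create the self-signed CA certificate from that key.
my $certStatus = system(
    'openssl', 'req',
    '-config', $configFile,
    '-key', $caKey,
    '-new', '-x509',
    '-days', $caDays,
    '-out', $caCRT,
    '-extensions', 'CA_default',
);
die "openssl req failed, CA certificate was not created (key left in $caKey)\n"
    unless $certStatus == 0;

# Report the certificate that was actually written rather than a fixed name.
print "CA Created. You can view it with:\nopenssl x509 -in $caCRT -text -noout\n";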